[Miadelcara]

Can someone please tell me what this is?
Thanks.

[etaf]

have you got problems with your PC with DSO exploits???

i think it stands for
dynamic shared object http://www.geocities.com/ikind_babel/babel/babel.html#D
or
distributed system object - usually DSOM
but maybe wrong,

[HiJackKiller]

Ya i have it too spybot always finds it and cant remove it.................

[Miadelcara]

Spybot finds, I delete, spybot finds again, I delete. Just annoying.

[etaf]

Would you post the error here please

you could try ad-aware

AD-AWARE:
download, update and run ad-aware
http://www.lavasoftusa.com/ or http://www.networkingfiles.com/Cookie/adaware.htm
http://www.lavasoftusa.com/support/download/

Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

Click on Start, Use custom scanning options, Customize.

Make sure the following settings are made and on -------"ON=GREEN"

"Scan within archives"
"Scan active processes"
"Scan registry"
"Deep scan registry"
"Scan my IE Favorites for banned URL"
"Scan my host-file"

Click on Tweak,
Select scanning engine and click on "Unload recognized processes during scanning"
Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and
"Let windows remove files in use at next reboot"

Then click "proceed" to save your settings.
Click on Next
Run the scan and fix everything.
Reboot:


post a hijackthis log - theres probably something in startup re-enabling it. see a lot of post in secruity where files also have to be deleted:-

HIJACK THIS:

download and copy hijackthis to its own folder, it makes backups so keeping seperate can be useful - run hijackthis
http://www.tomcoyote.org/hjt/
http://209.133.47.200/~merijn/downloads.html

scan only DO NOT FIX ANYTHING post a log and await advise from one of the many experts in this forum.

also to avoid gettin g spyware you could try having these 2 programs installed

This is for after the problem is solved - and to try and stop it reoccuring:-
Some suggestions I have which may help:-

for completeness once its all fixed - download and install the following;

spywareblaster = http://www.javacoolsoftware.com/spywareblaster.html
spywareguard = http://www.javacoolsoftware.com/sgdownload.html

these will monitor the PC and try and stop spyware being downloaded in the first place

-------------------------------------------------------------------------
Tutorials

http://www.bleepingcomputer.com/for...showtutorial=49
http://www.bleepingcomputer.com/for...showtutorial=50
-------------------------------------------------------------------------

some tutorials on running the above spyware programs with pictures, I know this sometimes can help:-

CWShredder:
http://www.bleepingcomputer.com/for...showtutorial=47

AD-Aware:
http://www.bleepingcomputer.com/for...showtutorial=48

SPYBOT:
http://www.bleepingcomputer.com/for...showtutorial=43

HIJACK THIS:
http://www.bleepingcomputer.com/for...showtutorial=42

[ketsueki13]

DSO exploit is not an object... it is a security hole... the only thing that might fix it are the microsoft updates but its not for sure... if that doesnt fix it then its an exploit that as of right now does not have a fix...

[cybertech]

That is a bug in Spybot.
http://forums.net-integration.net/in...howtopic=15308

[Miadelcara]

Logfile of HijackThis v1.97.7
Scan saved at 12:13:19 PM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\monica\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://webmail.dccnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1082738465835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...067.2252314815
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319

[cybertech]

Your log looks fine to me.

[Miadelcara]

Everything has been working great so far thanks to you for all your assistance! I must be the proud owner of a zillion spyware programs so I think I should narrow it down a little! HJT, CWShredder and AVG are the ones I think I'll keep. Is there a link in the forum where us newbies can go in and download programs that we don't have and should have.....rather than links in threads?

Let me know.

[etaf]

yes you will find some links in secruity - as stickies.

However here are my suggestions, tutorials and some programs which try to prevent spyware in the first place:-
I would recommend updating your virus definitions and spybot and adaware at least once a week - and run

A lot of the advice below is found in the following threads -
you may want to have a read here
http://forums.techguy.org/t157045.html and here http://forums.techguy.org/t178092.html and here
http://forums.techguy.org/t204050.html


FIRST:-

run a virus scan with your own scanner - first make sure your scanner is fully up-to-date with the latest definitions
or you can Run an online scan from here
http://housecall.antivirus.com/pc_housecall.

see here http://forums.techguy.org/t110854.html for other online scanners

Remember to turn off system restore in WinME and XP http://service1.symantec.com/SUPPORT...rc=bar_sch_nam


SECOUND:-

SPYWARE - note the spyware tools websites often come under attack (hence more than 1 location)

CWShedder:
it may be worth running CWShredder first -
download from these sites
http://tinyurl.com/mn7e
http://www.majorgeeks.com/download4086.html
http://209.133.47.200/~merijn/downloads.html
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.
Reboot:

Now RUN

AD-AWARE:
download, update and run ad-aware
http://www.lavasoftusa.com/ or http://www.networkingfiles.com/Cookie/adaware.htm
http://www.lavasoftusa.com/support/download/

Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

Click on Start, Use custom scanning options, Customize.

Make sure the following settings are made and on -------"ON=GREEN"

"Scan within archives"
"Scan active processes"
"Scan registry"
"Deep scan registry"
"Scan my IE Favorites for banned URL"
"Scan my host-file"

Click on Tweak,
Select scanning engine and click on "Unload recognized processes during scanning"
Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and
"Let windows remove files in use at next reboot"

Then click "proceed" to save your settings.
Click on Next
Run the scan and fix everything.
Reboot:

NOW RUN

SPYBOT:

Make sure its Version 1.3, if you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it

is suggested you remove it and reboot prior to installing.

download, update and run spybot
http://spybot.safer-networking.de/
http://tomcoyote.org/SPYBOThttp://w...2-10122137.html
http://www.spybot.us/spybotsd13.exe
http://www.safer-networking.org/

Make sure to check for updates prior to running the scan.
Click on "Search For updates" when prompted.
Scan, click on fix problems.
Reboot:


then once thats all clean, post a HJT log to be sure:-

Only if you have probeems - NOW RUN

HIJACK THIS:

download and copy hijackthis to its own folder, it makes backups so keeping seperate can be useful - run hijackthis
http://www.tomcoyote.org/hjt/
http://209.133.47.200/~merijn/downloads.html

scan only DO NOT FIX ANYTHING post a log and await advise from one of the many experts in this forum.

-------------------------------------------------------------------------
SAFEMODE:-
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

-------------------------------------------------------------------------
some tutorials on running the above spyware programs with pictures, I know this sometimes can help:-

CWShredder:
http://www.bleepingcomputer.com/for...showtutorial=47

AD-Aware:
http://www.bleepingcomputer.com/for...showtutorial=48

SPYBOT:
http://www.bleepingcomputer.com/for...showtutorial=43

HIJACK THIS:
http://www.bleepingcomputer.com/for...showtutorial=42

-------------------------------------------------------------------------

This is for after the problem is solved - and to try and stop it reoccuring:-
Some suggestions I have which may help:-

for completeness once its all fixed - download and install the following;

spywareblaster = http://www.javacoolsoftware.com/spywareblaster.html
spywareguard = http://www.javacoolsoftware.com/sgdownload.html

these will monitor the PC and try and stop spyware being downloaded in the first place

-------------------------------------------------------------------------
Tutorials

http://www.bleepingcomputer.com/for...showtutorial=49
http://www.bleepingcomputer.com/for...showtutorial=50
-------------------------------------------------------------------------

then to keep the system clean update all four programs once a week and run ad-aware and spybot.

-------------------------------------------------------------------------

Of course you should also update and run an anti-virus program of sometype.
An excellent free version is AVG available from http://www.grisoft.com

Firewalls are also very useful - XP has an inbuilt version or you can get free versions from:
Sygate:
http://www.homenethelp.com/web/howto/free-firewall.asp
Zone labs:
http://download.zonelabs.com/bin/fr...dex2_11072.html


for more complete list of tools and alternatives to the above please have a look at this post:
http://forums.techguy.org/t110854.html

[bassetman]

Quote:

Originally Posted by cybertech

That is a bug in Spybot.
http://forums.net-integration.net/i...showtopic=15308

CT, I get a 404 on your link.

[cybertech]

Try it again ... It was working this a.m. I tested it after I posted

I'll fix it